General
- Target: 6e8b7c796f65b886ff09f9d3fdd2e38589017007faac9fca6b6d23e28bd2443a.exe
- Size: 391KB
- Sample: 241112-y4a1nszhmd
- MD5: 65dd1fe675821a179c18561555f64259
- SHA1: 4b7c2469b3f820cf239b8c85913b44e3e5b6b98a
- SHA256: 6e8b7c796f65b886ff09f9d3fdd2e38589017007faac9fca6b6d23e28bd2443a
- SHA512: 1fbddf2417d4b637665098d78a3e27803c3f096647542ff3ed4af7fc879c0b5a57ae37b64628519a4ae870271b49803ef0c61559e683af0c8f4efced62e8d186
- SSDEEP: 6144:Kry+bnr+Wp0yN90QE9gjg0iqiNZ3fLoaF4FXjfEK7yzABei4CGb9EkGo:5Mrmy90jgjIZ3zn6FXzE1JiiEXo
Static task: static1
Behavioral task: behavioral1
- Sample: 6e8b7c796f65b886ff09f9d3fdd2e38589017007faac9fca6b6d23e28bd2443a.exe
- Resource: win10v2004-20241007-en
Malware Config
Extracted
- Family: redline
- Botnet: rumfa
- C2: 193.233.20.24:4123
- auth_value: 749d02a6b4ef1fa2ad908e44ec2296dc
Targets
- Target: 6e8b7c796f65b886ff09f9d3fdd2e38589017007faac9fca6b6d23e28bd2443a.exe
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)